Commit graph

76 commits

Author SHA1 Message Date
b23218a7f6
systemd timesyncd 2022-09-08 10:35:14 +02:00
6ec9aad801
Improve DNS configuration
Add Unbound server that separates queries between those going to Consul
and those going elsewhere.  This allows us to have DNS working even if
Consul fails for some reason. This way we can also remove the secondary
`nameserver` entry in /etc/resolv.conf, thus fixing a bug where certain
containers (Alpine-based images?) were using the secondary resolver some
of the time, making them unable to access .consul hosts.
2022-08-30 15:52:42 +02:00
243eee4322
Ask consul to use advertised address and not bind one 2022-08-24 20:03:31 +02:00
1172e8e511
Fix nomad talking to consul 2022-08-24 18:51:55 +02:00
a0c8280c02
Fix access to consul for non-server nodes 2022-08-24 16:58:50 +02:00
ec2020b71b
Disable bootstrap_expect unless specific deuxfleurs.bootstrap is set 2022-08-24 14:23:17 +02:00
9e39677e1d
Fix IPv6 2022-08-24 11:06:55 +02:00
ab901fc81d
Remove wesher, reconfigure staging without it 2022-08-23 23:55:15 +02:00
02b1e6200c
Disable ipv6 temporary addresses 2022-08-23 13:12:07 +02:00
7d7efab9ee
Update to nixos 22.05 2022-07-27 11:18:23 +02:00
641a68715f
Configure Consul DNS 2022-06-01 14:48:16 +02:00
d47d4e93ab
Work on drone runner as VM 2022-05-30 14:57:05 +02:00
1e23341710
Fix firewall rule for IGD 2022-05-09 00:29:17 +02:00
178107af0c
Network configuration updates 2022-05-09 00:20:02 +02:00
83dd3ea25a
Update network configuration 2022-05-08 14:42:18 +02:00
10d370491e
Replace ad-hoc wireguard by wesher on staging cluster 2022-04-20 18:04:57 +02:00
50e9f0b589
Wesher secret key in /var/lib/wesher/secrets 2022-04-20 10:50:42 +02:00
db081fad0e
First working Wesher configuration 2022-04-19 22:03:58 +02:00
9ff81afd7e
Wesher package now works 2022-04-19 18:09:56 +02:00
3d8989b9c9
nix infinite recursion 2022-04-19 17:41:18 +02:00
fdb5210f88
Move configuration.nix to nix/ subfolder 2022-03-28 12:18:52 +02:00
86b9873221
Wireguard directly using LAN addresses when possible 2022-02-26 00:13:08 +01:00
33446d2148
Carcajou is encrypted 2022-02-25 19:11:25 +01:00
6dc9281299
Add remote LUKS unlocking configuration 2022-02-25 17:52:17 +01:00
b0010b309b
Config for prod cluster 2022-02-09 15:38:36 +01:00
f03cafd49b
Modularize and prepare to support multiple clusters 2022-02-09 12:09:49 +01:00